At the last WWDC, Apple announced some changes to CloudKit, the technology that enables an app to sync with iCloud. As many of you know, it was previously impossible for non-Mac App Store apps to sync with iCloud. The changes that Apple made to CloudKit have opened up some really exciting possibilities, and today, we’re happy to announce that we have been able to implement iCloud sync in the AgileBits Store version of 1Password.

Wait…what?

1Password uses the CloudKit API to sync your data with iCloud. In OS X 10.10 Yosemite, the CloudKit framework provided by Apple did all the heavy lifting by communicating with Apple’s servers for the app, but it was only available for apps that were codesigned by the Mac App Store. This meant that only the Mac App Store version of 1Password could sync with iCloud.

What’s changed?

CloudKit is still the way that developers access the iCloud database, but Apple has provided a brand new way of accessing their CloudKit servers: CloudKit web services. CloudKit web services allows apps to access CloudKit via a really nice web framework called CloudKit JS. When these changes were announced at WWDC, we were excited to start working with this new framework to see what possibilities it would present. Ultimately, CloudKit JS enabled us to support iCloud sync in our AgileBits Store version of 1Password.

[Update] If you are a Mac app developer, and would like to use AgileCloudSDK so that your app can sync with iCloud, your app must also be in the App Store. Your customers, however, will now be able to choose whichever version they want.

How did we do it?

To make sync as seamless and stable as possible we wanted to make very few changes to the existing sync code in 1Password. We felt the best way to do that was to make a framework that looks and acts like Apple’s native CloudKit framework, but uses the CloudKit web services. This means 1Password can use Apple’s native CloudKit framework in the Mac App Store version, and our new AgileCloudSDK framework in the AgileBits Store version.

There are a lot of internal differences between native CloudKit and CloudKit web services. CloudKit web services relies on JavaScript but native CloudKit uses Cocoa classes for data storage, so we knew that we couldn’t reuse the existing code without something to translate the requests and data back and forth.

In order to talk to Apple’s servers, we needed a mediator. Adam Wulf and I created a class that takes native CloudKit API calls, translates them to web service API calls, and translates the responses back to native Cocoa code. The 1Password sync code is now completely ignorant as to whether it’s connecting to native CloudKit or CloudKit web services. This means that 1Password can find your data in iCloud, whether you’re using the Mac App Store version or the AgileBits Store version. We’re extremely pleased with this outcome!

From our customers’ point of view, iCloud sync in the AgileBits Store version of 1Password will look a little bit different during the initial setup. CloudKit JS does not use the iCloud settings from OS X, so to authenticate with Apple, 1Password will prompt you to log in to your iCloud account by displaying the iCloud login page in your default web browser. Once you have logged in to your iCloud account, CloudKit web services sends an authentication token back to 1Password, which it then stores (securely, of course). This enables 1Password to sync with iCloud without having to reauthenticate each time. Since the iCloud login for CloudKit JS is completely separate from the iCloud settings in OS X System Preferences, you can even use a completely different iCloud account if you like!

Share the knowledge

One of the challenges we faced when developing this framework was that no one else seemed to be working on this particular problem yet. We want AgileCloudSDK to continue to grow and improve and we can think of no better way to ensure that than to release it as open source. We are currently busy prepping it for release and plan to have more information (including a release date) soon. If you’re interested in learning more about this framework, reach out to us at support+agilecloudsdk@agilebits.com.

To everyone at Apple who worked hard to make this new functionality possible: thank you. You’re awesome.

@Marc Bizer Like native CloudKit, the sync code is largely the same, so the limitation carries over. As to why it is there in the first place, it requires a fair bit more effort to support syncing multiple vaults into a single CloudKit container. We wanted to offer CloudKit syncing to our customers as soon as possible, so we released it with single vault support. If you need multiple vault syncing we suggest using DropBox, or 1Password For Teams, which offers multiple vault support in addition to many other enhancements such as multiple users, permissions, and more.

Marc Bizer: First and foremost, we are incredibly excited to be able to offer our AgileBits Store 1Password for Mac customers the same iCloud sync option that Mac App Store customers enjoy. I think that’s fair and more important than adding multiple vault support that only Mac App Store customers could use. But now that it could benefit ALL 1Password for Mac customers, a redesign to make it possible to sync multiple vaults through iCloud is certainly something we can consider doing in the future. Thanks for letting us know this is important to you! :)

willembeekhuis: Thanks for the feedback! Unfortunately iCloud is only integrated on Apple platforms so it still requires an install (which often rules it out for work computers — in that case, 1Password for Teams is a much better option), but we can certainly consider adding iCloud sync support to other platforms in the future as well.

Yes – this is something I’ve wanted to see for some time. Where I work Dropbox sync is blocked, but iCloud is allowed – so I currently have no option except to copy the keychain and bring it with me to other machines

festus77: It seems odd that a workplace would prevent you from installing Dropbox on their equipment but not iCloud, but we can certainly consider adding iCloud support to 1Password on other OSes…just keep in mind that there isn’t an existing codebase to bridge with CloudKitJS, so a lot more work would need to be done there. Definitely not something that could happen in the short term, but thanks for letting us know you’d like us to work on that feature! :)

Definitely try to add iCloud syncing to the Windows version (along with redesigning the current Windows 1Password app). I have multiple OS X and iOS devices and one Surface Pro 4 for when I travel. I’d love to be able to use iCloud for all of them rather than having to install yet another application (Dropbox) that I don’t really use. I much prefer for the syncing to be independent of an app being installed in the OS like Dropbox.

ArkonLabs: Indeed, I would love to be able to use iCloud sync on my non-Apple devices as well!

Just keep in mind that in the case of Windows (or Android), we don’t have an existing CloudKit sync base to bridge with CloudKitJS, so a lot more work would need to be done there to make the same thing a reality. We can’t simply drop (Objective C) code from the Mac (or iOS) app into the Windows version, since there just isn’t any groundwork there.

It’s certainly something we’ll consider, but also keep in mind that this has only existed in the AgileBits Store version of 1Password for Mac for a relatively short time, so it’s something that won’t happen overnight even if we choose to tackle that in the future. I hope that helps clarify the situation.

Also, you do still have to install iCloud on non-Apple devices. It doesn’t come with Windows like it does iOS and OS X, so it that regard it’s no different than Dropbox. ;)

+1 for Windows. The support forum always claimed you wouldn’t be using CloudKit Web Services because it’s not finalised and therefore no Windows support version was possible but this obviously wasn’t true.

Just signed up for a year of LastPass but would still switch to 1Password if it had iCloud Sync on Windows

Brandon Billingham: I’m just going to go ahead and apologize to you myself, since it sounds like something I myself posted months ago somehow gave you the wrong impression.

To be clear, at the time, CloudKitJS was still noted on Apple’s own developer site as being a pre-release framework. Now, that didn’t stop us from trying secretly to work with it in hopes of bringing the iCloud Sync option our Mac App Store customers enjoy to our AgileBits Store customers as well, but it wasn’t always clear if this would be techinically feasible or acceptible under Apple’s rules…and since it was still at an early stage at that point, we weren’t even able to test it internally.

The claim wasn’t that we would never use it, but rather that we didn’t have anything to announce, because it may not have even been possble. And just like I’m not going to tell someone to buy a product I don’t use myself, there’s no way I was going to talk about iCloud even in regard to the AgileBits Store version until I’d been able to test it myself.

Now, we may be able to add support to 1Password for Windows in the future, but it isn’t a plugin or anything. On Windows, CloudKit simply does not exist (either in 1Password or in general), so it’s a complete unknown when it comes to actual implementation. If and when we tackle that, it will require a lot of time to develop and test it before it would ever be something we’d offer to you or the rest of our awesome customers. I hope that helps clarify the situation, and please forgive me if my earlier comments were confusing.

Add my vote. I use Mac, Windows, and iOS versions. Rather switch from Dropbox to iCloud, but I can’t until the Windows app has that ability. Excited as I am this in on the Mac, it won’t help me at this point. Please add my vote.

Thanks for letting us know, Pete! I too would like to be able to sync 1Password for Windows (and Android!) using iCloud, but given that no code to implement this on either platform exists currently, that would be more of a long term goal if it’s something we decide to tackle. That said, I hope we’ll be able to do so in the future. Cheers! :)

Let me start out by saying how much I love 1Password for Mac & iOS. A true 1st class product. What I really need though is the ability to sync 1Password for Windows in an easier fashion. As I mentioned in an earlier reply, Dropbox (and other file drop services) are blacklisted at my work (government). The only thing I can do now is copy the agilekeychain to a thumb drive and update whatever machine needs it after adding or changing a logon. “Some” means of syncing is needed, even if were as dumb as a USB sync with my iPhone. Please, please, please

festus77: I’m really sorry that we don’t have a better solution for you right now (apart from sneakernet or other shenanigans). Ultimately, it’s important to keep in mind that any solution we offer in the future could again be blocked by yours or anyone’s workplace (for example, USB). That’s unfortunately out of all of our control.

That said, we’re working hard to make 1Password for Teams awesome, and also to bring it to all of the platforms we support (and then some, with the help of the web interface). Most importantly, we’ve designed it from the ground up with security compliance in mind, so that businesses (and governments) will be able to use it themselves. You may be able to use 1Password for Teams now (using the web interface) or in the future (once it’s rolled out everywhere) on your own, and also perhaps fully sanctioned as more institutions evaluate it. :)

+1 here for iCloud sync for windows 1Password app. At home, I mostly have Macs, but at work, I mostly have Windows. I would rather not load yet another storage sync app to my devices and computers, just to sync data…

This change is independent of adding other syncing options in the future. We still have lots requests to add Google Drive, OneDrive and Box and we have not ruled any of them out. I have added your voice as an upvote as well.

Since you purchased the app from the Mac App Store you will need to go to Apple directly for a refund on that purchase. We have no access to the backend of the Mac App Store and can;t do anything for you.

Cameron Brister: Indeed! But keep in mind that switching to the AgileBits Store version is only “half of the battle”; if you’re a Mac App Store customer, be sure to email us a copy of your receipt at support+licenses@agilebits.com so we can use it to generate a license for you as well. Cheers! :)

Unfortunately not. 1PasswordAnywhere was build specifically around Dropbox and it is not an option available with iCloud syncing. You may want to check out 1Password for Teams at https//teams.1password.com which is another way to get web access to your vault when away from your own computer.

We used to allow multiple syncing sources for a single vault, but we kept ending up with conflicts and that led to a cascade of other issues. So while I will be happy to pass on your feature request, I wouldn’t be too hopeful given our past experiences.

This is great! Very little reason to stay with the MAS version anymore… In fact, is there any feature difference in v6 between the two (aside from the direct version getting more updates quicker than the MAS version)? As a developer I’d definitely be interested in seeing the open source version of AgileCloudSDK. May come in handy (who wouldn’t want their non-MAS apps to have access to iCloud?), but certainly may be worthwhile to look at just for the purposes of continually educating myself on the ever-evolving Apple technologies. Really, though, an awesome achievement and feature for 1Password 6.

the icloud sync is not working on my machine. I installed the latest version on booth mac os and ios. On iOS it is working but on make I get the login page on chrome to login in my icloud account. Then I need to confirm my email address with a number I get. After I enter the number on the page I logged out again. Nothing happend?!

I’m sorry that you are having issues logging in. What should happen is that it should change to a spinner, and in a few seconds bring the 1Password app back to the foreground where you can continue to set up sync. Try it again, and after ten or so seconds, check the app again to see if it will let you proceed. Otherwise, please contact our support team at https://support.1password.com and we’ll do our best to get you up and running.

Ah, this explains why Logic Pro X now supports some iCloud functionality too – I mean that’s always been an App Store app but Apple’s Pro Apps support has insisted that they’d have to completely rewrite Logic in order to support iCloud. But if CloudKit is now usable as a modular API-style component (as it should have been in the first place), that makes a lot more sense.

Glad to see Apple actually making a change to a core API to make it less restrictive, for once.

Logic Pro X may be supporting syncing some preferences through iCloud, which is a different, simpler API, but not their data. But I agree, CloudKit Web Services does open up new possibilities for many developers, and it’s a very good thing.